Skip to main content

How to run Commands as Administrator on Windows devices with Swif

Updated over a week ago

How Administrator Commands Work on Windows with Swif.ai

On Windows devices enrolled in Swif.ai:

  • Commands are executed using the SYSTEM context

  • Scripts run with full administrator privileges

  • No UAC prompt is shown to the end user

  • Execution is non-interactive and silent

  • The logged-in user is not required to be an administrator

This makes Swif.ai suitable for managing both:

  • Company-owned devices

  • BYOD devices (within policy scope)

The Swif agent operates under the SYSTEM user, which possesses administrative rights. This setup ensures that all commands executed by the agent are within the administrative scope, eliminating the necessity for manual elevation to administrator status, as one might do in Windows PowerShell.

The SYSTEM user is a special account that has administrative privileges but lacks a user interface (UI). Consequently, operations that require interaction with the UI cannot be conducted by the SYSTEM user due to its inability to access the UI. This design choice is crucial for understanding how the Swif agent interacts with the system it's installed on, ensuring it has the necessary permissions to perform its tasks efficiently while also highlighting certain limitations regarding UI-based operations.

Running on the Swif Admin Account

Swif allows you to use a placeholder like {{SWIF_ADMIN_USER}} to automatically run the command as the Swif admin. For more details, please refer to Running on the Swif Admin Account.

Note, for security reasons, Windows usually prompts for the password interactively when you try to run as another user. This is a built-in security mechanism to avoid exposing credentials directly in scripts or command-line parameters.

Unlike macOS or Linux, where you can often pass credentials programmatically (e.g. sudo with automation), Windows requires the user to enter the password manually when using commands like runas.

There are workarounds using PowerShell’s Start-Process -Credential, or third-party tools like PsExec, but natively runas itself doesn’t accept a password directly for security reasons.

Running Administrator Commands via the Software (Applications) Page

When adding or managing a Windows application in
Device Management → Applications, Swif.ai provides multiple script execution points.


All scripts below run with administrator (SYSTEM) privileges.

1. Pre-Install Script

When it runs:
Before the installer file is executed.

Typical use cases:

  • Removing older versions

  • Installing dependencies

  • Preparing directories or registry keys

Example (PowerShell):

Stop-Service -Name OldService -ErrorAction SilentlyContinue Remove-Item -Recurse -Force "C:\Program Files\OldApp" -ErrorAction SilentlyContinue exit 0

2. Installer File

The Installer File itself runs as administrator.

Supported formats include:

  • .exe

  • .msi

  • Custom installers

You can pass silent or custom flags using Installer Arguments, for example:

/quiet /norestart

No additional elevation is required.

3. Post-Install Command Script

When it runs:
Immediately after the installer completes.

Typical use cases:

  • Activating licenses

  • Registering agents

  • Starting services

  • Running vendor CLI tools

Example:

& "C:\Program Files\App\appctl.exe" activate --key XXXXXXXX Start-Service -Name AppService  if ((Get-Service AppService).Status -eq "Running") {   exit 0 } else {   exit 1 }

4. Install Check Script (Validation Rule)

When it runs:
To determine whether the application is already installed or successfully deployed.

Configured under Validation Rules with Rule Type = Script.

Purpose:

  • Prevent duplicate installs

  • Support version detection

  • Enable compliance reporting

Example:

if (Test-Path "C:\Program Files\App\app.exe") {   exit 0 } else {   exit 1 }

  • exit 0 → Application detected

  • exit 1 → Application not found

5. Uninstaller File

The Uninstaller File also runs with administrator privileges.

Common examples:

  • Vendor uninstall .exe

  • MSI uninstall commands

Example:

msiexec /x {PRODUCT-CODE} /quiet /norestart

6. Uninstall Script

When it runs:
After the uninstaller file or when removing an app assignment.

Typical use cases:

  • Cleaning leftover files

  • Removing registry entries

  • Stopping and deleting services

Example:

Stop-Service AppService -ErrorAction SilentlyContinue Remove-Item -Recurse -Force "C:\ProgramData\App" -ErrorAction SilentlyContinue exit 0

Script Execution Order on Windows

When deploying a Windows application, scripts execute in this order:

  1. Pre-Install Script

  2. Installer File

  3. Post-Install Command Script

  4. Install Check Script (Validation)

All steps execute as SYSTEM / administrator.

Summary

Swif.ai enables secure, automated execution of administrator-level commands on Windows devices without user interaction. Through the Software (Applications) page, administrators can run elevated scripts across the entire application lifecycle:

  • Pre-install preparation

  • Installation

  • Post-install configuration

  • Validation

  • Uninstallation

This ensures consistent, scalable, and secure Windows software management across your fleet.

For Mac Devices

If you're working with a Mac device, you can run a command as an administrator. For more information, visit the Mac command guide.

For Linux Devices

If you're working with a Linux device, you can run a command as sudo. For more information, visit the Linux command guide.

Related Articles
How to run Commands as sudo on macOS with Swif
Installing Custom Software via Swif
How to Enroll Linux Devices in Swif
Troubleshooting Windows Command Execution Issues in Swif
How to Run Commands as sudo on Linux with Swif.ai
Did this answer your question?